Major changes have taken place in UK law relating to data privacy and protection, which covers the personal information (“data”) that the John Carpenter Club (the Club) keeps about you. This cannot be a short communication because of the scale of the changes taking place (with effect from 25th May 2018), but it is vital that you take the time to read the Privacy Notice which follows carefully and thoroughly.

To assist your understanding, the Notice deals with the following points:

- What is Lawful Processing

- What data does the Club acquire and keep about you

- Where does the Club get the data from and how is the data stored

- Does the Club transfer your data elsewhere

- How long does the Club retain your data

- Your rights

…………………………………

PRIVACY NOTICE

1. INTRODUCTION

On 25th May 2018 new legislation on Data Protection enters into force (The General Data Protection Regulation - “GDPR”). GDPR replaces previous legislation and contains lots of obligations which the Club must fulfil and lots of rights which you as Members have vis-à-vis the Club. Many of the Rules are the same as under previous legislation but there is plenty of new material.

GDPR is an EU Directive directly applicable in all Member states without the need for local legislation and with effect from 25th May 2018. However, the UK has decided that it wants the content of GDPR to apply after the UK leaves the EU and has tabled a Bill in the House of Lords which will achieve this objective. At first sight the Bill looks the same as GDPR (with adjustments which the Club believes are mainly not relevant to the Club’s position) but things change and the Club will need to review its position once the Bill becomes law.

GDPR, including its preamble, contains some 54,000 words so the Club hopes you will be understanding if we attempt to reduce that to some succinct explanations at the risk of leaving some questions in Members’ minds. GDPR allows the Club (“Controller” in GDPR-speak) to introduce operational rules and policies compliant with the new Directive. If you spot an error please tell us by email.

GDPR profoundly changes the way the relationship between the Club and its Members works in relation to the information (data) which the Club collects from you and then processes and stores. Some data is necessarily provided to or accessed by a third party such as an event venue, a caterer or the Alumni Relationship Officer at the School. Most of the law is mandatory but where there are options this notice will identify and explain the option the Club is using. Many of the terms are rather technical but we need to use specific terms in order to say exactly what GDPR stipulates. The Club’s first task is to be a lawful processor of your data.

2. LAWFUL PROCESSING

Membership of the Club is a form of contract where Members pay a subscription or provide us with contact details in return for which Members receive benefits and services provided by the Club. The Club asserts that it is a lawful processor by virtue of this relationship and does not need to obtain specific consent to process data. The Club also considers it is exempted from any obligation to appoint a Data Protection Officer (DPO) but it does accept the obligation to carry out processing in ways which are lawful, fair and transparent. The Club may be required to appoint a designated DPO by the UK legislation.

3. TYPES OF DATA COLLECTED AND STORED

The Club is committed to recording accurate personal data which primarily consists of the information you or the School have provided as well as the banking information on any Standing Order form.

The Club does not collect sensitive personal data such as genetic, biometric or health data. Nor does it collect information on race, ethnicity, religion, political persuasion, or sexual orientation. Such sensitive data is known in GDPR as special category data.

The Club may use your data to enhance your experience of Club Membership by recording your personal preferences, interests and geographical location.

The Club may verify the information supplied but does not seek additional information when considering membership. If information is published (i.e. in the public domain) about a Member, e.g. a personal, professional or civic honour, award, achievement, etc., the Club is likely to add such information to your Member record.

The Club keeps a central store of Members’ personal data in its membership database.

In the event of there being a data breach the Club undertakes to inform you (as well as any relevant authority) not later than 1 month after the Club becomes aware of the breach. The Club does not believe that the data it holds give rise to any need to report a breach to the Information Commissioner within 72 hours but it is conscious of the possible need to do so. Paper records are also held securely.

4. TRANSFER AND SHARING OF DATA

The Alumni Relationship Officer and the Alumni Communications Officer (which includes any assistant) are the principal processors of your data. The Club’s Officers may also wish to look at Member data from time to time.

The Club will not be able to release to a member personal data about another member, even a telephone number or email address, without your permission.

When you attend functions or events organised by the Club or the School the venue may, for security and practical reasons, want a list of names and a caterer will want a list of any special dietary requirements.

The Club does not knowingly transfer your data outside the EU and requires all its suppliers not to make such transfers. The ultimate location of computer servers can make this apparently simple commitment difficult to enforce.

5. RETENTION OF DATA

Names, contact details and relevant Club admission, resignation and death dates are maintained in the database as a historical record of the Club’s members.

6. YOUR RIGHTS

- To complain

Ideally the Club would wish to try to deal with complaints itself before recourse to any external authority and asks Members to submit complaints via email or post, but it is open to Members to submit a complaint at any time to the Office of the Information Commissioner.

- To have correct data recorded by the Club

The Club will be happy to correct errors and to update its records when circumstances change.

- To require the Club to erase data which it holds about a Member

The Club will fully respect the new legislation but reminds Members that the low-level information gathered by the Club is perceived by the Club as the minimum needed to provide Members with the benefits of Club Membership.

7. THE CLUB WEBSITE

This policy applies when members use the Club website. There is a link to the policy at the bottom of every page of the site.